PVS-Studio - additional insurance for medical software

Errors in the software can lead not only to material losses, but also damage people's health. For example, artists on the stage of the theater may be injured if one of the scenery suddenly starts falling to the stage at the wrong time. However, the more obvious is the relationship between errors in the code and health hazards in medical software. Let's talk on this topic.



After my publication, “ To increase the reliability and security of banking software, use PVS-Studio ”, our company list has been replenished with several companies creating the appropriate software. The article turned out unexpectedly successful and effective. Neither I nor my colleagues expected such a return from her. Apparently the articles are much stronger when I think not about errors in general, but talking about a certain class of software. Now I am forced to write articles covering other areas of software.



This article focuses on development teams creating software for medical equipment. I hope they will not remain indifferent and will check their code with PVS-Studio. I also hope that a number of them after this will join the list of our clients in the area of ​​"Medicine".

')

Let us recall two well-known cases in which mistakes in medicine-related programs caused sad news.

First, it is a series of tragic events , which resulted in errors in the Therac-25 radiation therapy apparatus. From June 1985 to January 1987, this device caused at least six overdoses of radiation, some patients received doses of tens of thousands of rad. At least two died directly from overdose. The cause of the tragedies was an error in the software of the device, and the fundamental problem was the wrong security strategy.

Secondly, software errors can be harmful and indirect. For example , bugs in software for MRI scanners question 40,000 scientific studies. For several decades, neuroscientists and cognitive psychologists have used the AFNI, SPM, and FSL statistical programs to analyze fMRI data. As it turned out, due to incorrect algorithms, these programs can return up to 70% false positive results instead of the expected 5%.



As you can see, errors in the code can lead not only to troubles, such as program crashes or data loss, but also to much more serious consequences, on which the life and health of many people will depend on for years.



Moreover, the developer is responsible not only for his own code, but also for the code of the libraries used. The situation is quite real when, due to an error in the third-party library, artifacts will arise when creating an image / video and this will confuse the diagnosis.



This is not an abstract theoretical problem. I myself came across a situation when an error began to manifest itself when porting a program to a 64-bit system, leading to incorrect processing of MRI data. Fortunately, the error manifested itself very clearly: there was no large fragment of the image. However, the error may not be so noticeable and consist in the incorrect display of some small details, and it will be much more difficult to find it.

I wrote about this error in more detail in the article " How the PVS-Studio project began 10 years ago ." It is this and some other 64-bit errors that formed the basis for the creation of the Viva64 tool, which then turned into a PVS-Studio static code analyzer.



It is impossible to predict where and what mistakes can lead to trouble. The error may not be difficult and spoil life, hiding in the algorithm for processing and displaying data. I can well imagine a situation where, due to an error in the comparison function, the data of the wrong patient is selected for processing, or the program does not notice any differences in the structure of the data describing the patient's condition.

I am a dreamer and such errors are made only by students in term papers? Ha! Please take some time and get acquainted with my article " Evil lives in comparison functions ". After it, you will begin to share my concerns.



I suggest that all readers start using the PVS-Studio static code analyzer. Yes, this analyzer, like any other tool, does not guarantee the absence of errors in programs. However, it will become an additional line of defense on the battlefield with bugs. It will help detect a large number of errors at the earliest stages of development and, possibly, help to preserve someone’s health.



As I wrote above, the developer of critical software is responsible not only for the quality of its code, but also for the libraries used. The PVS-Studio analyzer will help to find errors in third-party libraries, as well as help to make an assessment of the quality of third-party libraries. Perhaps, if someone sees the extremely low quality of the library code, he will in time decide to abandon its use and find a better alternative.



And the last question to which I will answer. Why I did not write this article immediately after the article about the security of banking software? The development of software code for the medical field is often the programming of various microcontrollers. I waited for our analyzer to be adapted to code analysis for embedded devices. And now I have a reason: "The PVS-Studio 6.22 static code analyzer is adapted for ARM compilers (Keil, IAR) ."



Thank you all for your attention and I propose to download and start using the PVS-Studio code analyzer. Useful links:

1. Download PVS-Studio for Windows
2. Download PVS-Studio for Linux
3. Note: PVS-Studio version for macOS will be available soon
4. Documentation. How to run PVS-Studio in Linux
5. Examples of checking various open projects
6. Write to us in support of any questions, we will quickly respond and help set up the analyzer to check your projects.

If you want to share this article with an English-speaking audience, then please use the link to the translation: Andrey Karpov. PVS-Studio: Medical Insurance .